Controlling Web Users By Source Ip Address; Prerequisites; Controlling Web Users By Source Ip Addresses - H3C S5100-SI Operation Manual

Network diagram
10.110.100.46
Host A
IP network
Host B
10.110.100.52
Figure 9-2 Network diagram for controlling SNMP users using ACLs
Configuration procedure
# Define a basic ACL.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] quit
# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 to
access the switch.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000

Controlling Web Users by Source IP Address

You can manage an S5100-SI/EI Ethernet switch remotely through Web. Web users can access a
switch through HTTP connections.
You need to perform the following two operations to control Web users by source IP addresses.
Defining an ACL
Applying the ACL to control Web users
To control whether a Web user can manage the switch, you can use this function.

Prerequisites

The controlling policy against Web users is determined, including the source IP addresses to be
controlled and the controlling actions (permitting or denying).

Controlling Web Users by Source IP Addresses

Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are
numbered from 2000 to 2999.
Follow these steps to control Web users by source IP addresses:
To do...
Enter system view
Switch
Use the command...
system-view
9-5
Remarks
—